[Bug 16999] New: Visual C++ 2005 Express IDE: stack overflow at startup due to empty class id string
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Jan 18 07:51:29 CST 2009
http://bugs.winehq.org/show_bug.cgi?id=16999
Summary: Visual C++ 2005 Express IDE: stack overflow at startup
due to empty class id string
Product: Wine
Version: 1.1.13
Platform: Other
URL: http://www.microsoft.com/express/2005/download/default.a
spx
OS/Version: other
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ole32
AssignedTo: wine-bugs at winehq.org
ReportedBy: focht at gmx.net
Hello,
prerequisites:
Patch from bug 5054 to work around invalid URL cache entries
(http://bugs.winehq.org/attachment.cgi?id=18726)
1. clean WINEPREFIX
2. sh winetricks -q dotnet20 msxml6
3. download and run web installer (see URL)
4. start the VC++ 2005 IDE (wine VCExpress.exe)
---
The IDE crashes due to stack overflow.
--- snip ---
...
0038:Call advapi32.RegQueryValueExW(00000418,50061238
L"MRUCommand2GUID",00000000,003289e8,003289ec,003289e0) ret=50008e41
0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=50008e41
0038:Call advapi32.RegQueryValueExW(00000418,502800c8
L"MRUCommand2ID",00000000,00000000,00328c38,00328c34) ret=501f1800
0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=501f1800
0038:Call ole32.CLSIDFromString(00328c40
L"{5EFC7975-14BC-11CF-9B2B-00AA00573819}",50758004) ret=501f181a
0038:trace:ole:__CLSIDFromString L"{5EFC7975-14BC-11CF-9B2B-00AA00573819}" ->
0x50758004
0038:Ret ole32.CLSIDFromString() retval=00000000 ret=501f181a
0038:CALL MSVCR80.memset(003289f0,00000000,00000204) ret=50008e1d
0038:RET MSVCR80.memset() retval=003289f0 ret=50008e1d
0038:Call advapi32.RegQueryValueExW(00000418,50061258
L"MRUCommand3GUID",00000000,003289e8,003289ec,003289e0) ret=50008e41
0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=50008e41
0038:Call advapi32.RegQueryValueExW(00000418,502800e4
L"MRUCommand3ID",00000000,00000000,00328c38,00328c34) ret=501f1847
0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=501f1847
0038:Call ole32.CLSIDFromString(00328c40 L"",50758018) ret=501f1861
0038:Call KERNEL32.GetProcessHeap() ret=604e16fd
0038:Ret KERNEL32.GetProcessHeap() retval=00110000 ret=604e16fd
0038:Call ntdll.RtlAllocateHeap(00110000,00000000,00000010) ret=604e1711
0038:Ret ntdll.RtlAllocateHeap() retval=00ed1298 ret=604e1711
0038:Call advapi32.RegOpenKeyW(80000000,00ed1298 L"\\CLSID",00328acc)
ret=604e1758
0038:Ret advapi32.RegOpenKeyW() retval=00000000 ret=604e1758
...
0038:Call advapi32.RegOpenKeyW(80000000,00ed1298 L"\\CLSID",0023294c)
ret=604e1758
0038:Ret advapi32.RegOpenKeyW() retval=00000000 ret=604e1758
0038:Call KERNEL32.GetProcessHeap() ret=604e17f0
0038:Ret KERNEL32.GetProcessHeap() retval=00110000 ret=604e17f0
0038:Call ntdll.RtlFreeHeap(00110000,00000000,00ed1298) ret=604e1809
0038:Ret ntdll.RtlFreeHeap() retval=00000001 ret=604e1809
0038:Call advapi32.RegQueryValueW(0000043c,00000000,00232956,00232950)
ret=604e182d
0038:Ret advapi32.RegQueryValueW() retval=00000000 ret=604e182d
0038:Call advapi32.RegCloseKey(0000043c) ret=604e18b1
0038:Ret advapi32.RegCloseKey() retval=00000000 ret=604e18b1
0038:trace:seh:raise_exception code=c00000fd flags=0 addr=0x601e289e
ip=0x601e289e tid=0038
0038:trace:seh:raise_exception eax=00000000 ebx=602e4ff4 ecx=00232720
edx=00000000 esi=00000000 edi=0023268c
0038:trace:seh:raise_exception ebp=00232038 esp=00231ffc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
0038:trace:seh:call_stack_handlers calling handler at 0x506ea492 code=c00000fd
flags=0
0038:err:seh:setup_exception_record stack overflow 976 bytes in thread 0038 eip
601b4678 esp 00230f60 stack 0x230000-0x231000-0x330000
--- snip ---
Relevant registry data:
--- snip ---
[HKEY_USERS\S-1-5-4\Software\Microsoft\VCExpress\8.0\StartPage]
"Command1"="{F3192B90-EA73-480F-9471-04524118D767}|20487|"
"Command2"="{F3192B90-EA73-480F-9471-04524118D767}|20482|"
"Command3"="{F3192B90-EA73-480F-9471-04524118D767}|20480|"
"Command4"="{F3192B90-EA73-480F-9471-04524118D767}|20481|"
"Command5"="{F3192B90-EA73-480F-9471-04524118D767}|20483|"
"Command6"="{F3192B90-EA73-480F-9471-04524118D767}|20485|"
"DownloadState"=dword:00000000
"MRUCommand1GUID"="{5EFC7975-14BC-11CF-9B2B-00AA00573819}"
"MRUCommand1ID"=dword:000000d8
"MRUCommand2GUID"="{5EFC7975-14BC-11CF-9B2B-00AA00573819}"
"MRUCommand2ID"=dword:00000141
"MRUCommand3GUID"=""
"MRUCommand3ID"=dword:00000000
"MRUCommand4GUID"=""
"MRUCommand4ID"=dword:00000000
--- snip ---
The problem is actually a bug in CLSIDFromProgID() when passed an empty id
string which results in nice recursion :-)
--- snip dlls/ole32/compobj.c ---
HRESULT WINAPI CLSIDFromString(LPOLESTR idstr, CLSID *id )
{
HRESULT ret;
if (!id)
return E_INVALIDARG;
ret = __CLSIDFromString(idstr, id);
if(ret != S_OK) { /* It appears a ProgID is also valid */
ret = CLSIDFromProgID(idstr, id);
}
return ret;
}
...
HRESULT WINAPI CLSIDFromProgID(LPCOLESTR progid, LPCLSID clsid)
{
static const WCHAR clsidW[] = { '\\','C','L','S','I','D',0 };
WCHAR buf2[CHARS_IN_GUID];
LONG buf2len = sizeof(buf2);
HKEY xhkey;
WCHAR *buf;
if (!progid || !clsid)
{
ERR("neither progid (%p) nor clsid (%p) are optional\n", progid,
clsid);
return E_INVALIDARG;
}
/* initialise clsid in case of failure */
memset(clsid, 0, sizeof(*clsid));
buf = HeapAlloc( GetProcessHeap(),0,(strlenW(progid)+8) * sizeof(WCHAR) );
strcpyW( buf, progid );
strcatW( buf, clsidW );
if (RegOpenKeyW(HKEY_CLASSES_ROOT,buf,&xhkey))
{
HeapFree(GetProcessHeap(),0,buf);
WARN("couldn't open key for ProgID %s\n", debugstr_w(progid));
return CO_E_CLASSSTRING;
}
HeapFree(GetProcessHeap(),0,buf);
if (RegQueryValueW(xhkey,NULL,buf2,&buf2len))
{
RegCloseKey(xhkey);
WARN("couldn't query clsid value for ProgID %s\n", debugstr_w(progid));
return CO_E_CLASSSTRING;
}
RegCloseKey(xhkey);
return CLSIDFromString(buf2,clsid);
}
--- snip dlls/ole32/compobj.c ---
CLSIDFromProgID() needs to be fixed for the empty cls/prog id string case.
With proper patch applied, the IDE starts.
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list